Attackers Use Fake Friends to Blend into Facebook

Barracuda Networks, the provider of security, networking and data protection solutions, today released findings from Barracuda Labs most recent study, Facebook: Fake Profiles vs. Real Users. The study analyzes a random sampling of 2,884 active Facebook accounts to identify key differences between average real user accounts and fake accounts created by attackers and spammers. The results of the study are being presented today at the 2012 Kaspersky Threatpost Security Analyst Summit in Cancun, Mexico.

Facebook, which filed for IPO this week, has become an important part of personal and business communication. The company consistently fights to keep attackers out of its network, most recently announcing its lawsuit against a marketing firm accused of “spreading spam through misleading and deceptive tactics”. The Barracuda Labs study provides yet another example of this arms race as an increasing number of attackers move to social networks to carry out their wares.

Highlighted findings from the Barracuda Labs study include:
Almost 60 percent of fake accounts claim to be bisexual, 10 times more than real users
Fake accounts have six times more friends than real users, 726 versus 130
Fake accounts use photo tags over 100 times more than real users, 136 tags per four photos versus one tag per four photos
Fake accounts almost always (97 percent) claim to be female, as opposed to 40 percent for real users

“Likes, News Feeds and Apps have helped lead Facebook to its social network dominance and now attackers are harnessing those same features to efficiently scale their efforts, said Dr. Paul Judge, chief research officer at Barracuda Networks. These fake profiles and apps give attackers a long-lived path to continuously present malicious links to innocent users.

Also, researchers have shown how friending malicious accounts can lead to account takeover using Facebook’s trusted friend account recovery, Judge continued. We have analyzed thousands of fake accounts to determine features and patterns that distinguish them from real users, and created a feature-based heuristic engine to distinguish real users from fake profiles.”

The study analyzes data collected from Barracuda Profile Protector, a free tool that analyzes and blocks malicious activity on Facebook and Twitter, along with public data collected from streams and network crawling to demonstrate how users typically operate. The study illustrates how attacks on Facebook are structured to exploit the friendship concept and trust of widely-used applications. A variety of machine learning techniques are used to analyze shared URLs, profile images, profile information, and connections with other users to reveal associations, weak and strong, between malicious users.